A string of cyber attacks that saw about $1 billion stolen from banks affected 100 banks, e-payment systems and other organisations in a two-year period, according to an investigation led by Kaspersky Lab.
The attacks targeted institutions all over the world and highlight the difficulty of protecting this type of system, as protection systems themselves are vulnerable to hacks.
Martin Lee, cyber crime manager at Alert Logic, said: "Whitelisting applications on PCs and laptops could have detected the malware as an unapproved application. Yet whitelisting services are not immune from attacks themselves and may just become a single point of failure which, when breached, gives an attacker the ability to deploy undetectable malware.”
“The reconnaissance phase of attack and command and control traffic are weak points for the attacker since their activity will be visible on the network. Equally, unusual changes in bank balances will give away their presence. But organisations need to be routinely collecting data so that they can spot anomalies, and have the resources to conduct investigations to identify the root cause.”
These attacks were unique as it didn’t matter what software the banks used.
Sergey Golovanov, principal security researcher for Kaspersky Lab’s global research and analysis team said: “Even if its software is unique, a bank cannot get complacent.”
“The attackers didn’t even need to hack into the banks’ services: once they got into the network, they learned how to hide their malicious plot behind legitimate actions. It was a very slick and professional cyber-robbery.”
The plot was uncovered after a combined effort by Kaspersky Lap, Interpol, Europol and authorities in the affected countries. It has been attributed to the Carbanak criminal gang, who spent two to four months on each hack, beginning by infecting one user’s computer in a corporate network.
The plot was designed to target the institution itself, leaving end users’ accounts unaffected.
Lee also said that, although forensic examinations can often oust the affected malware, this process could take too long.
“Once discovered it is quick and easy to announce that malware has been found, however it takes many weeks and months of forensic examination to identify exactly what which systems were affected, what was stolen and how far did the attack spread.”
He added: “Only through constant vigilance and paranoia at being infiltrated can organisations hope to detect and react to attacks such as these. If an attacker knows your systems and procedures better than your own IT staff, it will be a tough fight to detect and unseat the attacker.”
.jpg)